1. Field of the Invention
The present invention relates generally to the field of IP telephony. More specifically, the present invention is related to IP telephony behind firewalls.
2. Discussion of Prior Art
Deployment of IP telephony has been slow and thus far, not particularly widespread because of compatibility issues with firewalls and network address translators (NAT). Provisions for roaming IP telephony devices within a network or networks have been limited, as most organizations, from large corporations to small businesses, employ the use of these network devices. Thus, users residing in these networks are often precluded from fully utilizing and benefiting from IP telephony. Networks protected by firewalls that allow persistent, un-monitored channels become highly vulnerable since an unmonitored channel makes the network susceptible to inbound, unfiltered, malicious traffic. Additional complications arise due to the fact that IP telephony solutions for networks having NAT require the discovery of NAT translations. This achieves less than optimal performance, since an additional piece of software must discover compression and de-compression techniques as well as NAT translations to allow for the discovery of prematurely closed telephony connections through the firewall. Thus, additional software, processing, memory, and disk storage space are required.
The following patents provide a general teaching of IP telephony.
U.S. Pat. No. 6,161,008 discloses a method for establishing communications with a user that employs multiple heterogeneous networks. A personal mobility application receives a request from a calling user containing the personal identifier of a called user. The personal identifier is used to retrieve a user record containing a plurality of terminal records, with each of the terminal records having a respective terminal address. Analyzing network usage profiles or user profiles determines the terminal address to which the calling user connects. This method does not guarantee that a terminal device will receive the call placed by the calling user. Rather, the method provides for a way to select the most likely choice of terminal address to which the user is connected.
U.S. Pat. No. 6,144,671 discloses a personal mobility method for allowing a called user having a personal host connected to a packet-based communications network at a home address to receive, at a foreign host connected to the network having an in-care-of address, a multimedia call from a calling user originally directed towards the personal host of the called user. Also disclosed is an application-layer solution for distributing multimedia calls among a plurality of peer computing devices, each of which has an address.
U.S. Pat. No. 6,359,880 discloses a localized wireless gateway offering cordless telephone service, including voice communication service, via a public packet network. The system includes a plurality of base station transceivers that provide two-way wireless voice frequency communications for wireless terminals and a packet service gateway that selectively couples the base station transceivers to the public packet data network. Also disclosed is an access manager that controls registration and validation of roaming wireless terminal devices, as well as transmission of location information for registered terminals to a home location register database via a public packet data network.
U.S. Pat. No. 6,345,294 discloses a method that allows a network appliance to boot-up remotely by obtaining configuration information from a remote source. The network appliance is able to contact a remote appliance registry to obtain information about its local environment, regardless of whether a local DHCP server or boot server exists on the local network. The appliance adheres to a principle of self-organization; it boots and observes the local environment of the LAN. The appliance broadcasts a request and waits to see whether there are responses. This method provides for a single remote configuration source that is known to the network appliance upon boot-up. It does not provide for the network appliance to obtain configuration information from a plurality of remote configuration sources.
U.S. Pat. No. 6,154,839 discloses a method for allowing a remote client to connect to a VPN through a firewall from an unknown network address. Also disclosed is a method for load balancing across multiple VPN units that couples a private network to a public network. A data packet sent from a source node to a destination node is translated and delivered on the basis of a user identifier field in the packet. The allows the data packet to be forwarded to the destination node if the user identifier is allowed communication privileges with the destination node. Thus, a list of user identifiers corresponding to all possible calling parties needs to be maintained. This method fails to provide communication privileges with the destination node in the event the user identifier is unknown, even if the network address is unknown.
U.S. Pat. No. 6,233,234 discloses a convenient and secure method of Internet telephony communication. Selectable security is provided for telephony applications through the use of an access gateway between the LAN and the packet switched data network. Information obtained from a party seeking to connect to a telephone terminal connected to the LAN is used to filter traffic on the basis of incoming or outgoing addresses or protocol. The destination terminal may only be reached first reaching the centralized access gateway, which eventually uses further information to use translation and filter tables to effect a connection to the telephone station.
The above-mentioned prior art references seek to provide IP telephony services in a secure environment by utilizing lookup tables for the purposes of: translation, identification of the user, or filtration of communications requiring additional software, processing, memory, and disk storage space. There is a need, however, for a system to provide a method to reliably establish and maintain connection with an internal host behind a firewall, regardless of the location of the host. Whatever the precise merits, features, and advantages of the above-cited references, they fail to achieve or fulfill the purposes of the present invention.